Sanitise values for maxPoints, maxComponentPoints, maxComponentDepth

Sanitize values in fonts that exceed values maxPoints and maxComponentPoints from the maxp table. While traversing components, also keep track of depth vs. maxComponentDepth and overwrite in maxp when a larger value is needed. Reject only when values exceed 0xFFFF as that is the maximum value for the limits in maxp.

Add test fonts to test_good_fonts, based on Amiri font subsets:

01ae09f3a2ca8f33035e6261d09e9fe06b919174.ttf  Max composite levels 3, instead of 4
ad455c8c531334cf470a98901cbe86a378895c14.ttf  Max composite points 68 instead of 69
49331b1dd031e95ca803d632f69404d09ee6f592.ttf  Max points 40 instead of 41
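The policy in the commit message (measure what the glyphs actually need, raise an undersized maxp limit instead of rejecting, and reject only when the needed value cannot be stored in the uint16 field) is shown below as an added example written for this page; it is not OTS's own code. It uses a constructed in-memory glyph model rather than parsing a binary glyf table, and it assumes the spec's depth convention (a composite made only of simple glyphs has depth 1, each further level of nesting adds 1; a simple glyph counts as 0). The constructed glyph set mirrors the three test cases named above: maxp claims 40 points, 68 component points and depth 3 while the glyphs need 41, 69 and 4. Component cycles and out-of-range glyph indices are rejected outright, which the commit message does not cover and is an addition here.

```cpp
// Added example, not OTS code: a model of the maxp sanitizing policy.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// Constructed in-memory glyph model; real OTS walks the binary glyf table.
struct Glyph {
  uint16_t num_points = 0;           // point count of a simple glyph
  std::vector<uint16_t> components;  // glyph indices referenced by a composite
  bool IsComposite() const { return !components.empty(); }
};

struct MaxpLimits {  // the three uint16 fields of the maxp table in question
  uint16_t max_points = 0;
  uint16_t max_component_points = 0;
  uint16_t max_component_depth = 0;
};

struct Measured {
  uint32_t points = 0;  // flattened point count, deliberately wider than uint16
  uint32_t depth = 0;   // assumption: 0 for a simple glyph, 1 for a composite
                        // of simple glyphs, +1 per further nesting level
};

// Recursively measures one glyph. Returns nullopt for an out-of-range glyph
// index or a component cycle; both are rejected rather than sanitized.
static std::optional<Measured> Measure(const std::vector<Glyph>& glyphs, uint16_t gid,
                                       std::vector<uint8_t>& on_stack,
                                       std::vector<std::optional<Measured>>& memo) {
  if (gid >= glyphs.size() || on_stack[gid]) return std::nullopt;
  if (memo[gid]) return memo[gid];  // memo keeps shared subtrees linear
  const Glyph& g = glyphs[gid];
  Measured m;
  if (!g.IsComposite()) {
    m.points = g.num_points;
  } else {
    on_stack[gid] = 1;
    for (uint16_t c : g.components) {
      auto child = Measure(glyphs, c, on_stack, memo);
      if (!child) { on_stack[gid] = 0; return std::nullopt; }
      m.points += child->points;
      m.depth = std::max(m.depth, child->depth + 1);
    }
    on_stack[gid] = 0;
  }
  memo[gid] = m;
  return m;
}

// The commit's policy: raise any maxp limit that is smaller than what the
// glyphs need; reject only when the needed value does not fit in uint16.
static bool SanitizeMaxp(const std::vector<Glyph>& glyphs, MaxpLimits* maxp) {
  uint32_t need_points = 0, need_comp_points = 0, need_depth = 0;
  std::vector<uint8_t> on_stack(glyphs.size(), 0);
  std::vector<std::optional<Measured>> memo(glyphs.size());
  for (size_t gid = 0; gid < glyphs.size(); ++gid) {
    auto m = Measure(glyphs, static_cast<uint16_t>(gid), on_stack, memo);
    if (!m) return false;
    if (glyphs[gid].IsComposite()) {
      need_comp_points = std::max(need_comp_points, m->points);
      need_depth = std::max(need_depth, m->depth);
    } else {
      need_points = std::max(need_points, m->points);
    }
  }
  if (need_points > 0xFFFF || need_comp_points > 0xFFFF || need_depth > 0xFFFF)
    return false;  // not representable in maxp: reject the font
  if (need_points > maxp->max_points) maxp->max_points = static_cast<uint16_t>(need_points);
  if (need_comp_points > maxp->max_component_points)
    maxp->max_component_points = static_cast<uint16_t>(need_comp_points);
  if (need_depth > maxp->max_component_depth)
    maxp->max_component_depth = static_cast<uint16_t>(need_depth);
  return true;
}

// Constructed glyph set mirroring the three test cases in the commit message.
static std::vector<Glyph> ExampleGlyphs() {
  std::vector<Glyph> g(6);
  g[0].num_points = 41;       // simple glyph: exceeds maxPoints = 40
  g[1].num_points = 28;
  g[2].components = {0, 1};   // 69 points, depth 1: exceeds maxComponentPoints = 68
  g[3].components = {2};      // depth 2
  g[4].components = {3};      // depth 3
  g[5].components = {4};      // depth 4: exceeds maxComponentDepth = 3
  return g;
}

// Sanitized limits for the example font, or nullopt if it would be rejected.
std::optional<MaxpLimits> SanitizeExampleFont() {
  MaxpLimits maxp{40, 68, 3};
  if (!SanitizeMaxp(ExampleGlyphs(), &maxp)) return std::nullopt;
  return maxp;
}

bool ExampleCycleRejected() {
  std::vector<Glyph> g(2);
  g[0].components = {1};
  g[1].components = {0};  // 0 -> 1 -> 0
  MaxpLimits maxp{};
  return !SanitizeMaxp(g, &maxp);
}

bool ExampleOverflowRejected() {
  std::vector<Glyph> g(2);
  g[0].num_points = 40000;
  g[1].components = {0, 0};  // 80000 flattened points: cannot fit in uint16
  MaxpLimits maxp{};
  return !SanitizeMaxp(g, &maxp);
}

int main() {
  auto r = SanitizeExampleFont();
  if (r)
    std::printf("maxPoints=%u maxComponentPoints=%u maxComponentDepth=%u\n",
                static_cast<unsigned>(r->max_points),
                static_cast<unsigned>(r->max_component_points),
                static_cast<unsigned>(r->max_component_depth));
  return (r && ExampleCycleRejected() && ExampleOverflowRejected()) ? 0 : 1;
}
```

The point of the widening to uint32_t is that the overflow check happens before anything is written back to the uint16 maxp fields, so a font whose flattened composite needs more than 0xFFFF points is rejected rather than silently truncated into a limit a renderer would trust. The memo and on-stack marking are there because a sanitizer that recurses through components without them can be made to do exponential work, or to recurse forever, by a font whose composites reference each other.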
The OpenType Sanitizer (OTS) parses and serializes OpenType files (OTF, TTF) and WOFF and WOFF2 font files, validating them and sanitizing them as it goes.
The C library is integrated into Chromium and Firefox; simple command line tools are also provided to check files offline in a terminal.
The CSS font-face property is great for web typography. Having to use images in order to get the correct typeface is a great sadness; one should be able to use vectors.
However, on many platforms the system-level TrueType font renderers have never been part of the attack surface before, and putting them on the front line is a scary proposition, especially on platforms like Windows, where the renderer is a closed-source blob running with high privilege.
The instructions below are for building the standalone OTS utilities. If you want to use OTS as a library, the recommended way is to copy the source code and integrate it into your existing build system; our build system intentionally does not build a shared library.
Build OTS:
$ meson build
$ ninja -C build
Run the tests (if you wish):
$ ninja -C build test
See docs
Thanks to Alex Russell for the original idea.